CVE-2010-0386 — MEDIUM (4.3)

Vulnerability Description

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sun	Java System Application Server	7.0

Related Weaknesses (CWE)

CWE-16

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1Vendor Advisory

FAQ

What is CVE-2010-0386?

CVE-2010-0386 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials...

How severe is CVE-2010-0386?

CVE-2010-0386 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0386?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Application Server.